Chapter 20 Certificate Authority Server
Create CA Server
20-2
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
and complete the configuration. If Cisco SDM does not discover missing
configurations, this box does not appear. Possible prerequisite tasks are described
in Prerequisite Tasks for PKI Configurations.

Create Certificate Authority (CA) Server

Click this button to create a CA server on the router. Because only one CA server
can be configured on the router, this button is disabled if a CA server is already
configured.

Note: The CA server you configure using SDM allows you to grant and revoke
certificates. Although the router does store the serial numbers and other
identifying information about the certificates that it grants, it does not store the
certificates themselves. The CA server should be configured with a URL to a
Registration Authority (RA) server that can store certificates that the CA server
grants.

Restore Certificate Authority (CA) Server

If a CA server already operates on the router, you can restore the CA server
configuration, and the information. If no CA server is configured on the router,
this option is disabled.

Prerequisite Tasks for PKI Configurations

Before you begin a certificate enrollment or CA server configuration, it may be
necessary for you to complete supporting configuration tasks first. SDM reviews
the running configuration before allowing you to begin, alerts you to
configurations you must complete, and provides links that take you to the areas of
SDM that allow you to complete these configurations.

SDM may generate alerts about the following configuration tasks:

SSH credentials not verified—Cisco SDM requires you to provide your SSH
credentials before beginning.

NTP not configured—The router must have accurate time for certificate
enrollment to work. Identifying a Network Time Protocol server from which
your router can obtain accurate time provides a time source that is not